A C-level executive will be fired in 2023 for using employee monitoring by his firm. This is one of the security, privacy and risk predictions aired by Forrester on Monday.

In the coming year, lawmakers will pay more attention to workplace surveillance, and whistleblowers may also demand surveillance information to support complaints about labor law violations, according to predictions put together by 10 Forrester analysts .

Analysts advise companies to prioritize privacy rights and employee experience when implementing any monitoring technology, whether for productivity, return to office strategies, or insider risk management.

Joe Stanford, head of the C-Suite, said, “People in the C-Suite need to be aware of their surveillance and people’s privacy, and ideally they’ll have a third-party audit behind them to make sure they follow the applicable rules.” complying.” Global Security & Privacy for Platform.sh, a Global Platform as a Service Provider.

“We have a new generation of employees coming in that cares about privacy rights,” he told TechNewsWorld.

Timothy Twohey, a privacy attorney with Greenberg Glusker in Los Angeles, agreed that a breach of employee or customer privacy could bring down an executive in the future.

“In light of the FTC’s Drizzly decision, officials are very much in the crosshairs,” he told TechNewsWorld. “If there’s a case where there’s insufficient security, no protection plan, or there’s a prior violation that’s been overlooked, I can see someone from the C-suite being put on the chopping block.”

In the Drizly case, the Federal Trade Commission announced in October that it would impose a personal sanctions against the CEO of that alcohol delivery company for abuse of data privacy that allegedly resulted in the disclosure of the personal information of nearly 2.5 million customers.

security team burnt

Forrester also predicted that a Global 500 firm would be busted for burning its cybersecurity staff in 2023.

Analysts said security teams are already under-staffed. He cites a 2022 study that found that 66% of safety team members experience significant stress at work, and 64% reported the impact work stress had on their mental health.

He added that employees are expected to be available 24/7 through large events, to be on top of every risk, to deliver results in a limited time frame, and to face pushback when making budget requests.

“Today, every security team, including my own, has been burned,” Stanford said. “The reason we burn is because we don’t have enough money. Why don’t we have enough money? Because the protection is treated at the cost center.”

The rise in supply chain attacks and the need to monitor more third-party risk are also contributing to burnout, said Brad Hibbert, COO and CSO of Prevalent Networks, a third-party risk consulting company.

“Companies are trying to get more visibility into more third parties,” he told TechNewsWorld. “That means they have to do more third party assessments. To do that, the security teams need to do more work. We’re finding that the teams are hitting a wall. They can do their own thing without burning the security teams.” Cannot scale up programs effectively and efficiently.”

resetting expectations

Roger Grimes, a defense campaigner at KnowBe4, a security awareness training provider in Clearwater, Fla., observed that cybersecurity employee burnout is a real thing.

“I have been in the cyber security world for over 34 years now, and during that time I have had to mentor and mentor many people who were completely burned out in this area, mostly because they are working hard to prevent cybercrime. What they were doing was not working and is likely to never work,” he told TechNewsWorld.

He said, “I have left the cyber security field to work for artists, writers and even work that could be seen as ‘menial labour’, because they at least felt that their new Jobs are making a difference in people’s lives,” he said. ,

“I get it. Who wants to be at the high-speed hamster wheel and never move, never solve the problem you were hired to solve?” Grimes asked.

“I recommend cyber security professionals to get a police-like mindset for their work,” he continued. “Don’t think you’re ever going to be a complete problem solver. Be like a beat cop who knows his town is full of crime, most of it they can’t stop, and it’s all around them. And every cop keeps his head down, doing the best he can, and if they can do the best they can to the crime in front of him, they’ve done a great job.”

“If you don’t want to get burned out, reset your expectations, do the best you can within what you are able to control, and measure your success by what you can influence,” he advises.

ambitious prediction

Another Forrester prediction: More than 50% of chief risk officers will report directly to their organization’s CEO.

In 2022, risk became a major topic at security conferences such as Black Hat, analysts said. It has surpassed compliance as the primary driver for governance, risk and compliance technology investments as the level of risk for enterprises has increased.

He also noted that the risk preferences of firms are shifting from compliance to flexibility. Executives and boards are looking for a CRO to help identify new business opportunities.

ERM Initiative and AICPA’s 2022 The State of Risk Oversight study shows that 44% of firms have a CRO, of which 47% report to the CEO, he said. To ensure that ERMs receive the required level of executive visibility and support, more CROs will report to CEOs in 2023, he noted.

Jason Hicks, field CISO and executive advisor at Coalfire, a provider of cybersecurity advisory services in Westminster, Colo., found Forrester’s 50% prediction a bit ambitious.

“Safety and risk executives have been pushing for this change for years,” he told TechNewsWorld. “Internal company politics is a very significant constraint on this.”

“I expect to see more security executives reporting to the CEO, but not 50% next year,” he said. “I will expand the titles to include CISO and CSO, as the CRO title is most prevalent in financial services and may not exist in other verticals as a standalone role.”

Getting into MDR Business

Forrester also predicts that at least three cyber insurance underwriters will acquire a managed identification and response (MDR) provider in 2023.

While insurance providers began a more rigorous underwriting process in 2022, increased premiums and low coverage blind spots still exist, analysts explained.

They expect insurers to move aggressively into cybersecurity by acquiring MDR firms, many of which will be looking to exit a market that is too competitive.

Hicks agreed with Forrester’s forecasters. “This is a good way to add ARR . [Absolute Risk Reduction] in their revenue mix,” he said.

“We have already seen Aon and others buy out incident response firms, so this is another synergistic investment for insurers,” he continued. “It can also be a good way to manage staffing challenges, as many MDR firms also have incident response staff.”

Using no-code technology instead of dedicated code programmers could become the future of software development in the retail marketing and related software-manufacturing industries. But it is not a one-size-fits-all solution for all use cases.

No-code, a method of creating software applications that requires little to no programming skills, lets workers within an occupation build an application without formal programming knowledge or training in a particular programming language.

In essence, the no-code platform enables users to create software applications such as online forms or even fully functional websites, or to add functionality to an existing site or app.

It’s important to clarify that many different applications of no-code platforms exist, according to Christian Brink Fredriksson, CEO of Leapworks, a global provider of automation software.

No-code platforms are fairly new. Therefore companies planning to adopt a no-code approach should thoroughly examine and test the no-code tools on the market to ensure that the selected products live up to their claims.

“There are a lot of platforms today that claim to be, but there are actually no codes, or they lack the power needed to do what they say they would do without additional coding,” he told TechNewsWorld.

Leapworks has developed a test automation product that is accessible and easy to maintain. Its secret sauce is providing faster results at a lower cost, requiring fewer specialist resources than traditional test automation approaches.

“At Leapworks, we have democratized automation with our fully visual, no-code test automation platform that enables testers and everyday business users to create, maintain and scale automated software tests in any kind of technology. Makes it easier to do,” Frederickson said. This enables enterprises to rapidly adopt and scale automation.

Security remains top concern

An explicit inquiry about no-code platforms should consider how no-code technology addresses the security problems that affect both proprietary and open-source programming.

If designed well, no-code platforms can be safe and secure, Fredrickson said. When coding manually from scratch, it is easy to introduce bugs and vulnerabilities that hackers can exploit.

“Since no-code platforms are designed to automate the creation of apps or to perform functions in an automated manner, they are inherently more consistent,” he explained.

Of course, the no-code platform itself has to be secure. Before choosing a solution, organizations should conduct a thorough security audit and select a solution that is ISO-27001 and SOC-2 compliant, he recommended.

Coding Pros and Non-Pros alike

No-code platforms are primarily meant only for programmers or IT coders to use in-house instead of outsourced software developers. Both use cases come into play successfully.

No-code platforms are certainly useful for IT coders and programmers, but the primary value of no-code test platforms is to expand the ability to build and test applications for people who are not trained as software developers. , offered Fredriksen.

For example, Leapworks makes it easy for testers and everyday business users to set up and maintain large-scale test automation. This empowers quality assurance teams to experience shorter test cycles and an immediate return on investment.

Benefits for DevOps

Speeding up testing is a huge advantage, noted Fredriksen, because hand-coding poses a huge bottleneck, even for an experienced DevOps team. While testers are extremely skilled at designing tests and understanding the inherent complexity of software, they are not traditionally trained to code.

He set a good example.

Leapworks co-founder and chief product officer Klaus Topholt worked at an investment bank before joining Fredriksen to found Leapworks in 2015. The test was important as the bank relied on rapid trading at high volumes. If the quality of the software was poor, it could literally lead to the bankruptcy of the institution.

“Klaus decided to create a simplified programming language for creating tests so that testers could install them, speeding up the process. But he quickly found that testing and programming are completely different domains, and, frankly, It’s not fair to force testers, who are already highly skilled, to learn extremely complex programming skills,” Fredrickson explained.

During discussions with the testing team, Klaus and his colleagues began using a whiteboard to create a flowchart. Everyone immediately understood what this meant.

lesson learned

Flow charts were such a simple, clear way to express something complex. So, it was clear that this was the way forward to enable model testers to create their own sophisticated tests without coding.

“The lesson was, if you give testers something as intuitive as a flow chart to create automated tests, you’ll save a lot of time and remove bottlenecks, because you’re not relying on the developers’ time and expertise. are,” Frederickson said.

Klaus left the investment bank to found Leapworks and became a no-code platform. They built a visual language that enables business users to automate testing using a flowchart model.

Leapwork co-founders Klaus Topholt and Christian Brink Friedrichsen

Leapworks CPO and Co-Founder Klaus Topholt (L) | Christian Brink Fredriksson, CEO and co-founder of Leapworks (Image Credit: Leapworks)

“It democratizes automation because it is so easy for non-coders to use and maintain, which in turn empowers businesses to scale up their automation efforts and accelerate the development process,” Fredrickson said.

No-code Q&A

Headquartered in Copenhagen, Denmark, last year Leapworks raised $62 million in the largest Series B funding round ever in Danish history. The round was led by KKR and Salesforce Ventures.

Leapworks is used by Global 2000 companies – including NASA, Mercedes-Benz and PayPal – for robotic process automation, test automation, and application monitoring.

We asked Fredriksen to reveal more details about the inner workings of the no-code solution.

TechNewsWorld: How can companies add automation to their testing processes?

Christian Brink Fredrickson: Release is a way to include automated tests as an integral part of moving from one stage of the process to another.

For example, when a developer tests code in a development server, a series of automated tests must be triggered as part of the same process that generates the build.

These regression tests can identify large bugs early, so the developer can fix them quickly, while the code is still fresh in the developer’s mind.

Then, as the code progresses to testing and, eventually, production, again, a series of automated tests must be launched: extensive regression testing, verification of its visual appearance, performance, and so on.

It is important that business users – such as a business analyst or a tester in a QA department – have the ability to implement this automation. That’s where no-code is so important.

How does no-code differ from low-code solutions?

Fredriksen: No-code doesn’t really involve any code. If you want non-developers to use the platform, you have to no-code it. Less code may speed up development, but you’ll still need someone with developer skills to use it.

Which is more beneficial for Enterprise and DevOps, no-code or low-code?

Fredriksen: No-code empowers enterprises and DevOps teams to implement automation at scale, ultimately enhancing software delivery performance. Low-code solutions still require you to know how to code to maintain the software.

No-code allows anyone to automate a workflow. Using no-code, developers and technically skilled workers can focus on high-value tasks, and QA professionals such as testers can maintain testing automatically and easily.

Surveys have shown that testing is the one that slows down the development process the most. If you want to make a serious impact on DevOps, you really should consider using a no-code platform.

Is no-code a threat to software and website developers?

Fredriksen: I would argue the exact opposite. No-code has the potential to open up new opportunities for developers. More software is being created and optimized than ever before, and yet we are in the midst of a serious developer shortage, with 64% of companies experiencing a software engineer shortage.

Instead of relying on code-based approaches and forcing businesses to search for talent externally, no-code allows companies to use their existing resources to build and test software. Technological resources are then free to focus on more complete, higher-value tasks, such as accelerating innovation and digital transformation.

Where do you see no-code technology going?

Fredriksen: AI is a powerful technology, but its short-term effects are a bit high. We believe that the challenge to limit the capabilities of artificial intelligence today is human-to-AI communication.

It should be possible to tell the computer what you want it to do, without any technical details on how to do it. Essentially, we need to be able to give requirements to the AI ​​for a task, and then the AI ​​can handle the rest.

We at Leapwork have made great strides on this problem. There is still much more work to be done.